Scott Hanselman

browse by category or date

How to Remote Desktop (RDP) into a Windows 10 Azure AD joined machine

April 22, 2020 Comment on this post [15] Posted in Win10
Sponsored By

Since everyone started working remotely, I've personally needed to Remote Desktop into more computers lately than ever before. More this week than in the previous decade.

I wrote recently about to How to remote desktop fullscreen RDP with just SOME of your multiple monitors which is super useful if you have, say, 3 monitors, and you only want to use 2 and 3 for Remote Desktop and reserve #1 for your local machine, email, etc.

IMHO, the Remote Desktop Connection app is woefully old and kinda Windows XP-like in its style.

Remote Desktop Connection

There is a Windows Store Remote Desktop app at https://aka.ms/urdc and even a Remote Desktop Assistant at https://aka.ms/RDSetup that can help set up older machines (earlier than Windows 10 version 1709 (I had no idea this existed!)

The Windows Store version is nicer looking and more modern, but I can't figure out how to get it to Remote into an Azure Active Directory (AzureAD) joined computer. I don't see if it's even possible with the Windows Store app. Let me know if you know how!

Windows Desktop Store App

So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor.

Add these two lines at the end (three if you want to save your username, then include the first line there)

username:s:.\AzureAD\YOURNAME@YOURDOMAIN.com
enablecredsspsupport:i:0
authentication level:i:2

Note that you have to use the style .\AzureAD\email@domain.com

The leading .\AzureAD\ is needed - that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.

Add those two lines to the RDP text file and then open it with Remote Desktop Connection and you're set! Again, make sure you have the email prefix.

The Future?

Given that the client is smart enough to show an error from the remote machine that it's Azure AD enabled, IMHO this should Just Work.

More over, so should the Microsoft Store Remote Desktop client. It's beyond time for a refresh of these apps.

NOTE: Oddly there is another app called the Windows Desktop Client that does some of these things, but not others. It allows you to access machines your administrators have given you access to but doesn't allow you (a Dev or Prosumer) to connect to arbitrary machine. So it's not useful to me.
Windows Virtual Desktop

There needs to be one Ultimate Remote Windows Desktop Client that lets me connect to all flavors of Windows machines from anywhere, is smart about DPI and 4k monitors, remotes my audio optionally, and works for everything from AzureAD to old school Domains.

Between these three apps there's a Venn Diagram of functionality but there's nothing with the Union of them all. Yet.

Until then, I'm editing RDP files which is a bummer, but I'm unblocked, which is awesome.

Sponsor: Couchbase gives developers the power of SQL with the flexibility of JSON. Start using it today for free with technologies including Kubernetes, Java, .NET, JavaScript, Go, and Python.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
Comment on this post [15]
Share on Twitter or Facebook or use the
April 23, 2020 12:43
This is a comment without a link to fix a bug.

I would love to be able to have Remote Desktop without the necessary port. I would love a native solution without needing port forwarding on the router side. Everything involving setting up e.g. Hamachi is a hassle I believe and I would just love to connect to my remote machine. I know I would need some kind of server for this to establish the connection, but why now? I can set something up on Azure as a mediator.
Dennis
April 23, 2020 13:26
Have a look at https://www.freerdp.com. It's free, portable, has a lot of custom settings and is available for any os.
Micha
April 23, 2020 13:58
This would be really helpful for remote teams working on a project. Thank you so much for sharing :)
Namit Pandey
April 23, 2020 14:35
I was playing with the Windows Store Remote Desktop recently as well. At first glance, it looked great! But after a couple of hours, I switched back to the old built-in app. Why? Because many key bindings did not work properly, e. g. PrintScreen or some ReSharper specifics like Ctrl+Alt+7/AltGr+7.
mu88
April 23, 2020 17:02
The new Windows Store version of the thing is completely frustrating. I was hoping to install rdcman but it's gone poof, so when I saw the new Remote Desktop app I nearly got excited ... but then I tried it out and found that it lacks all the tweaks I like in the old rdp/rdcman - such as being able to reduce color settings for example because of having a flaky connection. So frustrating! So I just reverted to the clunky old-timey ways of having multiple rdp connection files. I miss rdcman. It wasn't pretty or modern but it got the job done.
Arvis Pinkletter
April 23, 2020 23:58
I had a similar issue, trying to remove into my non-domain-joined Windows PRO personal machine with a Microsoft Account.

There, you login with MicrosoftAccount\myemail@domain.com

(the "MicrosoftAccount" being hardcoded as such :)) Effectively, replace this blog's suggested "AzureAD" with "MicrosoftAccount"...
Joris de Gruyter
April 24, 2020 5:36
I RDP to a lot of Windows servers. The best RDP manager I've been able to find is mRemoteNG. I've been using it for years. Haven't tried remoting to an AAD joined machine yet though.
Trevor
April 25, 2020 2:49
I've been using Royal TS for years. Also supports many other connection types.

https://www.royalapps.com/ts/win/features
James
April 25, 2020 2:58
I am using ASG Remote Desktop for years, it's not free but worth the money
https://www.asg.com/en/Products/IT-Systems-Management/Applications-Management/ASG-Remote-Desktop.aspx

Richard
April 25, 2020 23:05
Awesome. I'm still using the old Remote Desktop Connection app.
Ely
April 25, 2020 23:17
This doesn't appear to allow logins that have 2FA enabled though - the password for the account isn't accepted, and I can't see a way to otherwise login? It's still one step closer though!
Wayne
April 26, 2020 1:42
Scratch that, just tried again and noticed I'd accidentally switched to a US keyboard layout - doh. Excellen
Wayne
April 27, 2020 18:23
I ended up buying Stardock's Multiplicity for its support of 4K RDP. Requires a DisplayPort dongle to trick the remote PC into using its graphics card to render full 32 bit color. Works great.
Erik Madsen
May 03, 2020 14:32
What one expect from a Windows Store app after facing the dismemberment of the Control Panel into little, function-free modern apps? That's the new Microsoft, taking payment from mouse makers for clicking so much to do nothing.

What happened to the designers of Windows XP, the last Microsoft OS designed from A to Z?
Peter Adam
October 30, 2020 12:57
Hey Scott!
It's been a while since you did this tutorial but is there a way to connect to Azure AD joined machines WITHOUT disabling NLA (Network Level Authentication)?
So far I've not been able to RDP connect to a Azure AD joined machine which has NLA enabled.

Is this documented? Is it 'best practice' to disable NLA in this case?

Best regards


Kai
Kai Roth

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.